improve multicluster resource controller

Signed-off-by: hongming <talonwan@yunify.com>
2020-06-15 14:09:32 +08:00
parent 61d827db54
commit 4fcaa78b45
51 changed files with 3583 additions and 381 deletions
--- a/pkg/models/iam/am/am.go
+++ b/pkg/models/iam/am/am.go
@@ -333,9 +333,9 @@ func (am *amOperator) GetGlobalRole(globalRole string) (*iamv1alpha2.GlobalRole,
 	return obj.(*iamv1alpha2.GlobalRole), nil
 }

-func (am *amOperator) CreateGlobalRoleBinding(username string, globalRole string) error {
+func (am *amOperator) CreateGlobalRoleBinding(username string, role string) error {

-	_, err := am.GetGlobalRole(globalRole)
+	_, err := am.GetGlobalRole(role)

 	if err != nil {
 		klog.Error(err)
@@ -350,7 +350,7 @@ func (am *amOperator) CreateGlobalRoleBinding(username string, globalRole string
 	}

 	for _, roleBinding := range roleBindings {
-		if globalRole == roleBinding.RoleRef.Name {
+		if role == roleBinding.RoleRef.Name {
 			return nil
 		}
 		err := am.ksclient.IamV1alpha2().GlobalRoleBindings().Delete(roleBinding.Name, metav1.NewDeleteOptions(0))
@@ -365,7 +365,7 @@ func (am *amOperator) CreateGlobalRoleBinding(username string, globalRole string

 	globalRoleBinding := iamv1alpha2.GlobalRoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:   fmt.Sprintf("%s-%s", username, globalRole),
+			Name:   fmt.Sprintf("%s-%s", username, role),
 			Labels: map[string]string{iamv1alpha2.UserReferenceLabel: username},
 		},
 		Subjects: []rbacv1.Subject{
@@ -378,7 +378,7 @@ func (am *amOperator) CreateGlobalRoleBinding(username string, globalRole string
 		RoleRef: rbacv1.RoleRef{
 			APIGroup: iamv1alpha2.SchemeGroupVersion.Group,
 			Kind:     iamv1alpha2.ResourceKindGlobalRole,
-			Name:     globalRole,
+			Name:     role,
 		},
 	}

@@ -456,7 +456,7 @@ func (am *amOperator) CreateWorkspaceRoleBinding(username string, workspace stri

 	roleBinding := iamv1alpha2.WorkspaceRoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: fmt.Sprintf("%s-%s", role, username),
+			Name: fmt.Sprintf("%s-%s", username, role),
 			Labels: map[string]string{iamv1alpha2.UserReferenceLabel: username,
 				tenantv1alpha1.WorkspaceLabel: workspace},
 		},
--- a/pkg/models/iam/im/im.go
+++ b/pkg/models/iam/im/im.go
@@ -131,10 +131,7 @@ func (im *defaultIMOperator) ListUsers(query *query.Query) (result *api.ListResu

 	for _, item := range result.Items {
 		user := item.(*iamv1alpha2.User)
-		out := user.DeepCopy()
-		// ensure encrypted password will not be output
-		out.Spec.EncryptedPassword = ""
-		items = append(items, out)
+		items = append(items, ensurePasswordNotOutput(user))
 	}

 	result.Items = items
@@ -156,11 +153,8 @@ func (im *defaultIMOperator) DescribeUser(username string) (*iamv1alpha2.User, e
 	}

 	user := obj.(*iamv1alpha2.User)
-	out := user.DeepCopy()
-	// ensure encrypted password will not be output
-	out.Spec.EncryptedPassword = ""

-	return out, nil
+	return ensurePasswordNotOutput(user), nil
 }

 func (im *defaultIMOperator) DeleteUser(username string) error {
@@ -175,3 +169,10 @@ func (im *defaultIMOperator) CreateUser(user *iamv1alpha2.User) (*iamv1alpha2.Us
 	}
 	return user, nil
 }
+
+func ensurePasswordNotOutput(user *iamv1alpha2.User) *iamv1alpha2.User {
+	out := user.DeepCopy()
+	// ensure encrypted password will not be output
+	out.Spec.EncryptedPassword = ""
+	return out
+}